|
PHP - Require() && Regenerate_session_id() && Http Cookies
Greetings,
I threw together a log in script that uses regenerate_session_id to help prevent session hijacking. The script has 2 basic parts: authentication and session validation Session Validation is a script that is set-a-top of other php scripts using a require_once call. It validates the token and session, and it will regenerate a session id if need be. What I've noticed when loading a page, is when a user has been validated (session id and token id) AND a new session id has been generated, if the client aborts while PHP is processing the rest of script, the session becomes invalid and the user must re log in. I believe what is happening is the server-side has been updated with the newly generated session but the client hasn't gotten the updated cookie thus creating a mismatch at time of next session and token validation. Does this make any sense? Possible Fix: If session id regeneration is required, conditionally register a shutdown function that will initiate the regeneration of session id. This will ensure the initial PHP processing has completed, and a less intensive block of code can regenerate the id. This closes the client-abortion while processing window substantially I'm looking for some advice on possible solutions and problems. Thanks! :] Similar TutorialsI need to send two cookie name/value pairs to the page I am trying to open using file_get_contents, in order for the person viewing the page to have associated dynamic content, but it isn't working, and I'm wondering if I'm setting it up right: if(isset($_COOKIE['bwd_data']) && isset($_COOKIE['bwd'])){ $cookie_val = $_COOKIE['bwd_data']; $cookie_val2 = $_COOKIE['bwd']; $opts = array( 'http'=>array( 'method'=>"GET", 'header'=>"Accept-language: en\r\n" . "Cookie: bwd_data=" . $cookie_val . "\r\n" . "Cookie: bwd=" . $cookie_val2 ) ); $context = stream_context_create($opts); echo(file_get_contents(url::site('httperrors','http'), FALSE , $context)); }else{ echo(file_get_contents(url::site('httperrors','http'))); } trying to use a require but not working properly Fatal error: require() [function.require]: Failed opening required 'get_extra.php?id=1' (include_path='.') first thing set on page is.. page is profile.php?id=1 $userid = $_GET['id']; code is:require "get_extra.php?id=$userid"; what can i do to fix this? thanks Trying to run a simple program that, when submitted, stores the username and password as cookies. When clicking Submit, I get the error "HTTP Error 405 - The HTTP verb used to access this page is not allowed". If the username and password fields are left blank when submitting it's suppose to give a message to enter a username and password, but, I still get that error message. HTML form: Code: [Select] <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title>Week 1 Project--Cookies</title> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> </head> <body> <form action="cookie1.php" method="post"> <h2 align="center">Cookies</h2> <br /> <div> <p>Enter your username and password and click "Submit":</p><br /> <p>Username:<input type="text" name="username" size="20"></p> <p>Password:<input type="text" name="password" size="20"></p> </div> <br /> <div><input type="submit" name="submit" value="Submit" /></div> <br /> <div> <input type="reset" name="Reset" value="Start Over" /> </div> </form> </body> </html> PHP file: Code: [Select] <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title>Cookie File</title> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> </head> <body> <div> <?php if ($_SERVER['REQUEST_METHOD'] == 'POST') { setcookie('username', $_POST['username'], time() + 2592000); setcookie('password', $_POST['password'], time() + 2592000); } if(($_POST['username'] == "") || ($_POST['password'] == "")) { print "You must enter both a username and password. Press the Back button on your browser and try again."; } else if (isset($_COOKIE['username'])) { print "Welcome, " .$_COOKIE['username']; } ?> </div> </body> </html> How do I only redirect the page when index.php is present? Is there a better way to define the page name other than require("./anyfolder/any.php"); trouble is i define the page by using ./myfole/anyfile.php but if the page is called from deeper inside my site it dose not work. i have to change all the includes and put an additional . so it ends up looking like this ../myfole/anyfile.php I've just downloaded a 3d party app and I'm finding that most (98%) of the [files].php have a "<?php" but not a "?>" in them. I created a tst.php...HW and it seems to not care. An improvement? Mox-Nix? Poor form? Or the same coder the loves 0xEEE text on a 0xFFF background because it's sooooo cool.
Head @ 42 deg /////
Thanks
cal
Why would I want to use include() vs. require() ?? (It seems like most people use "include()", but I would think "require()" would be better/safer...) TomTees Hi, i have a DB login system and i was wondering if there was a code that i could put on all of my web-pages so that only members (people who actually logged in) could view tem and the rest would be re-directed to /login/loginfailed.php If this is not possible, could there be a way to only allow people who came from a specific url to see the page to see them and the rest be re-directed to /login/loginfailed.php Thanks in advance! Okay I have 3 files in the following format: home/run.php home/config.php game/check.php In run.php, I have config.php required as 'home/config.php' and then in config.php I define an absolute path. However, I'm trying to require run.php from check.php but I keep getting an issue because then config.php isn't included. I've tried require using 'home/run.php', '../home/run.php' and even an absolute path. What do I need to do? Hey all, I've been having an issue with require_once from another sub-directory. Origionally I had all my php files in the same spot but I wanted to make a library to clean things up a bit. Atm I am trying to access my /subFolder/frame_work/sql/dbconnect.rem.php with require once from /subFolder/frame_work/account_data/accountHandler.rem.php. I have looked around a little bit and i know requires\includes looks in relative directorys. So one obvious solution would be to include the entire path name. "var/www/subFolder/frame_work/sql/dbconnect.rem.php". My problem is I will be accessing this from multiple directories and on localhost the root directory is var opposed to my server which is public_html. I like to edit my stuff in localhost before going public with it and it is going to be a real pain if I have to keep switching var to public_html in every file before I upload. Is there any other solutions I could approach? Any responses would be much appreciated. Thank you for your time. Hello. Include is identical to require, only require stops any further script execution. Just wondering if anyone could give me a good example, where 'require' should be used instead 'include'. Thanks. This error is very bizarre since I can't seem to debug it. When I require my header, it is included. When I require my footer, it is not. I am 100% the paths are correct, and I tried another file to make sure it wasn't the footer causing the error. Here's the code for the header, footer, and index. If you need to see anything else just tell me. header Code: [Select] <?php ob_start(); ?> <?php ini_set('session.cookie_domain', '.domain'); ?> <?php ini_set('display_errors','On'); ?> <?php session_start(); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <head> <link rel='stylesheet' href='includes/css/reset.css' type="textcss"/> <link rel="stylesheet" href="includes/css/style.css" type="text/css"/> <title>Domain</title> </head> <?php require('classes/common.inc.php'); $common = new common(); if($common->_truesession()) { $hsuser = $_SESSION['username']; } $common->_cookiecheck(); $db = $common->_db(); echo "<ul>"; echo "<li><a href=domain.com>Domain</a><ul>"; $query = $db->_query("select * from links where id > 1"); while($row = $db->_assoc($query)) { $name = $row['name']; $link = $row['url']; echo "<li><a href=".$db->_out($link).">".$db->_out($name)."</a></li>"; } echo "</ul></li></ul>"; ?> index Code: [Select] <?php require('includes/header.php'); ?> <?php ?> <?php require('includes/footer.php'); ?> footer Code: [Select] <?php echo "<ul>"; echo "<li><a href=about.php>About</a></li>"; if(!$common->_truesession()) { echo "<li><a href=register.php>Register</a></li>"; } echo "</ul>"; $year = date('Y'); echo "© $year <a href='http://domain.com'>Domain</a>"; ob_end_flush(); ?> Hello, I have a small and annoying problem. Imagine that I have a main folder on my FTP server which has index.php and I then have a php folder for all of my small scripts and an includes folder for misc files. So, for instance http://www.somedomain.com/index.php http://www.somedomain.com/php/somescript.php http://www.somedomain.com/includes/somefile.html Inside somescript.php, I need to use one of the files from the includes folder, like this for example: require('../includes/somefile.html'); This is all fine, but the problem is when I include the PHP file on my index.php page. Then I am telling PHP to go one step back to find the includes folder, but the problem is that it only needs to go one step back if it PHP script is not included on some page outside of the php folder. If I run php/somescript.php, there is no problem, but if I include php/somescript.php on my index.php, then there is trouble! I hope you guys understand what I mean. Thanks in advance! PS - I would appreciate if the solution is not about moving php/somescript.php or using full URLs in my includes. I am very confused in between these three terms INCLUDE, REQUIRE, HEADER... Can anyone tell me the difference between these three terms... I just want to run a php file in the if condition.. Basically i do not want to open i just want to run ... for ex. Code: [Select] <?php if(condition) { // run mail.php file } ?> Hi, I want to have a require() and a header() on the same page. This is just impossible right? Hi This is a strange one, and I'm not sure whats going on here. I've tried googling the answer to no avail. Basically, I'm writing a Wordpress plugin, and here's my setup: install.php has a class called 'two_install' The main plugin file code snippet: Code: [Select] // Installation require(plugin_basename('installer.php')); // Initiate installation class $twp_install = new twp_install; This results in this on activation: Fatal error: Class 'twp_install' not found in path-on-server\wp-content\plugins\twitter_parser\twitter_parser.php on line xx Anyone got any ideas? Just a note, there is definitely a class called 'twp_install' in installer.php! Thanks in advance Php Folks, As you know, typing the same code over and over again on all files is daunting. I was wondering, if I can have an error_reporting.php file and then put:
include('error_reporting.php');
at the top of all my php files as header, where the error_reporting.php would have this content:
<?php
error_reporting(E_ALL);
ini_set('error_reporting','E_ALL');
ini_set('display_errors','1');
ini_set('display_startup_errors','1');
?>
Q1. Is that ok or not ?
Q2. Usually, I have a conn.php with content like this:
<?php
$conn = mysqli_connect("localhost","root","","db_database");
$db_server = 'localhost';
$db_user = 'root';
$db_password = '';
$db_database = 'test';
$conn->set_charset('utf8mb4');//Always use Charset.
if (!$conn)
{
//Error Message to show user in technical/development mode to see errors.
die("Database Error : " . mysqli_error($conn));
//Error Message to show User in Layman's mode to see errors.
die("Database error.");
exit();
}
?>
And then, on all my php files, I just reference to the conn.php by putting the following line on the header:
include('conn.php');
Or:
require('conn.php');
And on each php file, just before dealing with mysql, I have a line like this:
mysqli_report(MYSQLI_REPORT_ALL|MYSQLI_REPORT_STRICT);
$conn->set_charset("utf8mb4");
Now, I am wondering, why should I write the above 2 lines on all my php files that deal with mysql ? To keep things short, why don;t I just add those 2 lines in the error_reporting.php ? So, it looks like this:
error_reporting.php
<?php
ini_set('error_reporting','E_ALL');//error_reporting(E_ALL);
ini_set('display_errors','1');
ini_set('display_startup_errors','1');
mysqli_report(MYSQLI_REPORT_ALL|MYSQLI_REPORT_STRICT);
$conn->set_charset("utf8mb4");
?>
how can I start an scenario like this in the sql database? This is a two part question... my previous post was surrounding an issue with Sessions, now I was told that it may be a server side issue so I contacted my host provider who said to me that sessions cookies REQUIRE https?? now this can't be valid because I've had no issues with sessions prior to this week - second part of this is, is there something I'm missing with maybe an updated versions?
PS: yes, i'm new and simply trying to learn... is there a way to do an include or require to a whole directory? I have only done includes and requires with single files in the past, but have a situation where this could save me a lot of time. |
|||||||